In the 1990s, in what might be called the first battle of the Crypto War, the government classified encryption as a munition and restricted its export. While opposing export in general, the government was licensing the export of implementations that were restricted to a forty bit key. Of course, 56 bit was then the norm and, at the time, expensive for the NSA to crack.
IBM had just purchased Lotus Notes and wanted to,export it. In order to get a license, they negotiated an agreement under which they would encrypt 16 bits of the 56 bit message key under a public key provided by the government and attach it to the message or object. This would mean that while the work factor anyone else would be 56 bits, for the government it would be only 40 bits.
Viewed today, 40 bit encryption is trivial; twenty years ago it was strong enough that, while the government could read any message that it wanted to, it could not read every message that it wanted to. Said another way, it would be able to do intelligence, or even investigation, but it still would not be able to engage in mass surveillance.
Moreover, we believed that the NSA only collected,traffic that crossed our borders, that it could not be used against citizens. We believed that the government could keep,their private key secure. Of course, post "warrant-less surveillance," the routine breaches of government computers, including those of the NSA,and the exponential growth of computing power over a generation, this all seems very naive.
However, I like,to think that it illustrates that it is possible to craft solutions that grant authorized access to the government, with a work factor measured in weeks to months per message, file, device or key, while presenting all,others with a cost of attack measured in decades or even centuries.
It also illustrates the fundamental, application, and implementation-induced limitations of any such scheme, limitations that would have to be compensated for. No such scheme will be fool-proof, nor need it be. Like our other institutions and tools, it need only work well enough for each intended application and environment.